Is Java Minecraft more secure than C++ Minecraft?

There are two versions of Minecraft:

Minecraft Java, which is written in Java.

Minecraft Bedrock, which is written in C++.

Knowing that the codebase of these games is massive, wouldn’t it make the Java version safer than the C++ version?

1 Like

I don’t think it really matters security-wise. There’s not really any reason to pick C version when java exists though, more mod friendly and suffers less from microsoft bad design decision

This reminds me of using I2p (Java) and i2pd (C++)

Mods themselves can be a security risk, as you are downloading additional code onto your machine and trusting it not to be malicious, whether the mod is malicious from the start or a trusted mod developer falls victim to a supply chain attack. This can even happen (however rarely) on more trustworthy platforms like CurseForge as demonstrated by the Fractureiser incident. I accept the risk myself, but if we’re purely talking about security, I thought it important to note.

1 Like

do you remember the log4j vuln? the java edition is not safe from vulnerabilities

also, these are video games. and for maximum security, you can just play in singleplayer.

also Java Edition runs natively on Linux, Bedrock doesn’t. I’ll wager that you use Linux, and it is obvious which one is more accessible.

2 Likes

I never said that Minecraft Java is safe from vulnerabilities, but it’s written in a memory safe language, unlike Minecraft Bedrock.

Minecraft Bedrock does run on Linux, and it also runs better than Minecraft Java because it’s written in C++.

Besides security and privacy, the Bedrock edition has more bugs than the Java edition.

1 Like

Are you referring to the MCPE launcher? It has to be emulated from ARM to x86_64 and is a mobile version, not the proper Windows 10/11 UWP version.

Personally though, Minecraft Java runs so smooth on Linux on my device compared to Windows.

It still performs better than Minecraft Java, the compatibility layer barely has any performance impact.

https://mcpelauncher.readthedocs.io/en/latest/faq/index.html#how-does-it-work

I think this comes a down to threat models. I don’t realistically see either version being a major issue unless maybe you are gaming in a hostile environment. At that point I would not consider playing Mincecraft if one is worried of the attack surface differences between to the implementations. If this is the case, I would heavily consider to not play online or to not install any mods. This limits attacks to your local computer and direct access.

Other than that, the choice between the two editions is likely one based on other discussion: modding capability, OS compatability, performance, reliability, etc. I’d choose what makes the game more fun.

Now this is a very interesting question. This depends heavily on what system you install the game on. Java is memory-safe, but it also depends on which launcher you use.

The MMPA is a group of programmers who test Minecraft and user content for instances of malware, and they’ve written a lot of useful information on it, if you’re interested in the finer details. But one part that stuck out was how a lot of malware infections on Linux (which I’m wagering most people here are using on desktop) were prevented by installing one of the custom launchers in a Flatpak with proper permission limiting. This was when the terrible Fractureiser malware hit the modding scene.

Now, speaking personally, Java Edition is better anyway because there’s no proprietary launcher they shackle you to and you can use a custom sandboxed one with better support and QoL. Modding support is way better and you can selfhost multiplayer servers instead of relying on their insecure ones in the “cloud”. So honestly, you should pick that over Bedrock any day. Microsoft is ruining Bedrock by removing modding support so they sell more microtransactions and they’ve had the usual spyware slipping nonsense with it too.

(EDIT: Also forgot to mention, on Android and iOS you can actually play a port of Java Edition through the wonderful open-source Pojav Launcher which helps as the standard protections these systems provide are far stricter. In any case, use that over Bedrock. Both editions now come bundled together anyway when you buy the game, so it’s a matter of which one you prefer to use.)

Call me when they got a RUST version :rofl:

That would be nice. It would be memory-safe like Java but also have good performance like Bedrock.